'Triton' Malware Attacks Industrial Safety Systems

"We assess with moderate confidence that the attacker's long-term objective was to develop the capability to cause a physical outcome", the FireEye researchers said.

Security firm Symantec told The Guardian: "While there have been a small number of previous cases of malware created to attack industrial control systems (ICS), Triton is the first to attack safety instrumented system devices". FireEye said the Triton framework tool was built with "the ability to read and write programs, read and write individual functions and query the state of the SIS controller", and targeted systems that "provided emergency shutdown capability for industrial processes". However, the researchers said the aim of the malicious actors went beyond simply shutting down systems.

TRITON was used to modify application memory on SIS controllers in the environment, which could have led to a failed validation check.

The attacker, according to FireEye, was probably not a cyber crime group, because targeting the industrial control safety systems at the company suggested a darker goal: causing a high-impact attack with physical consequences. The researchers say that they haven't attributed the hack to a particular attacker, but they do say it bore hallmarks of threats from a nation-state. "We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shutdown operations".

In announcing the discovery, FireEye invoked the names of potent industrial control malware that has caused havoc in the past.


They also likely performed advanced reconnaissance on their victim, which FireEye hasn't identified, because they knew it was using Triconex SIS controllers. The attacker could have caused a process shutdown by issuing a halt command or intentionally uploading flawed code to the SIS controller to cause it to fail.

The first clue is that attackers deployed TRITON immediately after gaining access to an SIS engineering workstation with access to SIS controllers. Instead, the attacker made several attempts over a period of time to develop and deliver functioning control logic for the SIS controllers in this target environment.

Engineering workstations capable of programming SIS controllers should not be dual-homed to any other DCS process control or information system network.

"Intrusions of this nature do not necessarily indicate an immediate intent to disrupt targeted systems, and may be preparation for a contingency", the FireEye team said, hinting that this could have also been a live field test for a more sinister attack.

"Never leave the front panel key position in the 'Program' mode when not actively configuring the controller", Schneider Electric wrote in an advisory.

Use a unidirectional gateway rather than bidirectional network connections for any applications that depend on the data provided by the SIS.
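
The two network recommendations above (no dual-homed SIS engineering workstations, and one-way data flow out of the SIS) can be checked against an asset inventory. The following is an added example, not code from FireEye or Schneider Electric; the zone names, addresses, host names and inventory format are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumed zone names and addresses, not from the article).
ZONES = {
    "sis": ipaddress.ip_network("10.10.1.0/24"),
    "dcs": ipaddress.ip_network("10.10.2.0/24"),
    "it": ipaddress.ip_network("192.168.0.0/16"),
}
HOSTS = [
    {"name": "sis-eng-01", "role": "sis_engineering", "ips": ["10.10.1.20"]},
    {"name": "sis-eng-02", "role": "sis_engineering", "ips": ["10.10.1.21", "10.10.2.21"]},
    {"name": "sis-eng-03", "role": "sis_engineering", "ips": ["10.10.1.22", "172.16.5.9"]},
    {"name": "historian", "role": "dcs_server", "ips": ["10.10.2.50", "192.168.4.50"]},
]
# Permitted network flows as (source zone, destination zone).
FLOWS = [("sis", "dcs"), ("dcs", "sis"), ("dcs", "it")]


def zone_of(ip, zones):
    """Return the name of the zone containing ip, or None if no zone matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in zones.items():
        if addr in net:
            return name
    return None


def audit(hosts, zones, flows, sis_zone="sis"):
    """Flag dual-homed SIS engineering workstations and flows into the SIS zone."""
    findings = []
    for host in hosts:
        if host["role"] != "sis_engineering":
            continue
        extra = {zone_of(ip, zones) for ip in host["ips"]} - {sis_zone}
        if extra:
            # None means an interface on an undocumented network: also a finding.
            labels = sorted(z if z else "unknown" for z in extra)
            findings.append(("dual_homed", host["name"], labels))
    for src, dst in flows:
        # A one-way gateway only lets data leave the SIS; inbound flows break that.
        if dst == sis_zone and src != sis_zone:
            findings.append(("inbound_to_sis", src, [dst]))
    return findings


if __name__ == "__main__":
    for finding in audit(HOSTS, ZONES, FLOWS):
        print(finding)
```
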
